Can log sources be tagged with multiple stream id's?


(Jake Smith) #1

Hi All,

Looking at the “how streamms are processed internally” section at http://docs.graylog.org/en/2.3/pages/streams.html

It states that the stream-id is assigned as the log source enter graylog.

Say I have the following windows log sources

application
security
system

Therefore, it should not be possible to create the streams detailed below as there is only one stream id per log entry.

stream 1 - A message must match at least one of the following rules

channel = security
channel = system

stream 2 - A message must match at least one of the following rules

channel = security
channel = application

Am I correct in my understanding or can log sources have multiple steam_ids?

Cheers

Jake


(Jochen) #2

A message can belong to an (almost) arbitrary number of streams.

stream_ids is really an array of strings (the IDs of the streams a message belongs to).


(Jake Smith) #3

Jochen,

Cheers, I know understand the concept.

Thank you for your time.

Jake


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.